npm - svf-tools - Versions diffs - 1.0.371 → 1.0.375 - Mend

svf-tools 1.0.371 → 1.0.375

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (255) hide show

package/lib/SVF-FE/SVFIRBuilder.cpp CHANGED Viewed

@@ -269,19 +269,23 @@ bool SVFIRBuilder::computeGepOffset(const User *V, LocationSet& ls)
     for (bridge_gep_iterator gi = bridge_gep_begin(*V), ge = bridge_gep_end(*V);
             gi != ge; ++gi)
     {
-        ls.addOffsetValue(gi.getOperand(), *gi);
+        const Type* gepTy = *gi;
+        const Value* offsetVal = gi.getOperand();
+        ls.addOffsetValue(offsetVal, gepTy);
         //The int value of the current index operand
-        ConstantInt *op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand());
+        const ConstantInt *op = SVFUtil::dyn_cast<ConstantInt>(offsetVal);
-        // Handling array types, skipe array handling here
-        // We treat whole array as one, but we can distinguish different field of an array of struct
-        // e.g. s[1].f1 is differet from s[0].f2
-        if(SVFUtil::isa<ArrayType>(*gi))
-            continue;
-        // Handling struct here
-        if (const StructType *ST = SVFUtil::dyn_cast<StructType>(*gi) )
+        // if Options::ModelConsts is disabled. We will treat whole array as one,
+        // but we can distinguish different field of an array of struct, e.g. s[1].f1 is differet from s[0].f2
+        if(SVFUtil::isa<ArrayType>(gepTy)){
+            if(!op)
+                continue;
+            s64_t idx = op->getSExtValue();
+            u32_t offset = SymbolTableInfo::SymbolInfo()->getFlattenedElemIdx(gepTy, idx);
+            ls.setFldIdx(ls.accumulateConstantFieldIdx() + offset);
+        }
+        else if (const StructType *ST = SVFUtil::dyn_cast<StructType>(gepTy))
         {
             // If the first operand is a non-constant, it is likely an array access
             // (e.g., %ptr = getelementptr struct_A, %struct_A* %1, i64 %idx)
@@ -291,29 +295,21 @@ bool SVFIRBuilder::computeGepOffset(const User *V, LocationSet& ls)
             assert(op && "non-const index in an operand in GEP");
             //The actual index
             s64_t idx = op->getSExtValue();
-            const vector<u32_t> &so = SymbolTableInfo::SymbolInfo()->getFlattenedFieldIdxVec(ST);
-            if ((unsigned)idx >= so.size())
-            {
-                outs() << "!! Struct index out of bounds" << idx << "\n";
-                assert(0);
-            }
-            // add the translated offset
-            ls.setFldIdx(ls.accumulateConstantFieldIdx() + so[idx]);
+            u32_t offset = SymbolTableInfo::SymbolInfo()->getFlattenedElemIdx(ST, idx);
+            ls.setFldIdx(ls.accumulateConstantFieldIdx() + offset);
         }
-        if ((*gi)->isSingleValueType())
+        else if (gepTy->isSingleValueType())
         {
-            if(!op){
-                // Handle non-constant index
-                // Given a gep edge p = q + idx, where idx is non-constant
+            // Handle non-constant index
+            // Given a gep edge p = q + idx, where idx is non-constant
+            if(!op)
                 return false;
-            }
             // The actual index
             s64_t idx = op->getSExtValue();
             // infer the field offset based on the byte offset
             u32_t fieldOffset = inferFieldIdxFromByteOffset(gepOp, dataLayout, ls, idx);
-            ls.setFldIdx(fieldOffset);
+            ls.setFldIdx(ls.accumulateConstantFieldIdx() + fieldOffset);
         }
     }
     return true;
@@ -463,7 +459,7 @@ NodeID SVFIRBuilder::getGlobalVarField(const GlobalVariable *gvar, u32_t offset)
         const Type *gvartype = gvar->getType();
         while (const PointerType *ptype = SVFUtil::dyn_cast<PointerType>(gvartype))
             gvartype = ptype->getElementType();
-        return getGepValVar(gvar, LocationSet(offset), gvartype, offset);
+        return getGepValVar(gvar, LocationSet(offset), gvartype);
     }
 }
@@ -521,28 +517,30 @@ void SVFIRBuilder::InitialGlobal(const GlobalVariable *gvar, Constant *C,
                 addCopyEdge(pag->getNullPtr(), src);
         }
     }
-    else if (SVFUtil::isa<ConstantArray>(C))
-    {
-        if (cppUtil::isValVtbl(gvar) == false)
-            for (u32_t i = 0, e = C->getNumOperands(); i != e; i++)
-                InitialGlobal(gvar, SVFUtil::cast<Constant>(C->getOperand(i)), offset);
-    }
-    else if (SVFUtil::isa<ConstantStruct>(C))
+    else if (SVFUtil::isa<ConstantArray>(C) || SVFUtil::isa<ConstantStruct>(C))
     {
-        const StructType *sty = SVFUtil::cast<StructType>(C->getType());
-        const std::vector<u32_t>& offsetvect =
-            SymbolTableInfo::SymbolInfo()->getFlattenedFieldIdxVec(sty);
-        for (u32_t i = 0, e = C->getNumOperands(); i != e; i++)
-        {
-            u32_t off = offsetvect[i];
+        for (u32_t i = 0, e = C->getNumOperands(); i != e; i++){
+            u32_t off = SymbolTableInfo::SymbolInfo()->getFlattenedElemIdx(C->getType(), i);
             InitialGlobal(gvar, SVFUtil::cast<Constant>(C->getOperand(i)), offset + off);
         }
     }
-    else
+    else if(ConstantData* data = SVFUtil::dyn_cast<ConstantData>(C))
     {
-        //TODO:assert(false,"what else do we have");
+        if(Options::ModelConsts){
+            if(ConstantDataSequential* seq = SVFUtil::dyn_cast<ConstantDataSequential>(data)){
+                for(u32_t i = 0; i < seq->getNumElements(); i++){
+                    u32_t off = SymbolTableInfo::SymbolInfo()->getFlattenedElemIdx(C->getType(), i);
+                    Constant* ct = seq->getElementAsConstant(i);
+                    InitialGlobal(gvar, ct, offset + off);
+                }
+            }
+            else{
+                InitialGlobal(gvar, data, offset);
+            }
+        }
+    }
+    else{
+        //TODO:assert(SVFUtil::isa<ConstantVector>(C),"what else do we have");
     }
 }
@@ -709,7 +707,7 @@ void SVFIRBuilder::visitCastInst(CastInst &inst)
     }
     else
     {
-        Value * opnd = inst.getOperand(0);
+        const Value * opnd = inst.getOperand(0);
         if (!SVFUtil::isa<PointerType>(opnd->getType()))
             opnd = stripAllCasts(opnd);
@@ -730,7 +728,7 @@ void SVFIRBuilder::visitBinaryOperator(BinaryOperator &inst)
     Value* op2 = inst.getOperand(1);
     NodeID op2Node = getValueNode(op2);
     u32_t opcode = inst.getOpcode();
-    const BinaryOPStmt* binayPE = addBinaryOPEdge(op1Node, op2Node, dst, opcode);
+    addBinaryOPEdge(op1Node, op2Node, dst, opcode);
 }
 /*!
@@ -743,7 +741,7 @@ void SVFIRBuilder::visitUnaryOperator(UnaryOperator &inst)
     Value* opnd = inst.getOperand(0);
     NodeID src = getValueNode(opnd);
     u32_t opcode = inst.getOpcode();
-    const UnaryOPStmt* unaryPE = addUnaryOPEdge(src, dst, opcode);
+    addUnaryOPEdge(src, dst, opcode);
 }
 /*!
@@ -758,7 +756,7 @@ void SVFIRBuilder::visitCmpInst(CmpInst &inst)
     Value* op2 = inst.getOperand(1);
     NodeID op2Node = getValueNode(op2);
     u32_t predicate = inst.getPredicate();
-    const CmpStmt* cmpPE = addCmpEdge(op1Node, op2Node, dst, predicate);
+    addCmpEdge(op1Node, op2Node, dst, predicate);
 }
@@ -897,7 +895,7 @@ void SVFIRBuilder::visitBranchInst(BranchInst &inst){
         const ICFGNode* icfgNode = pag->getICFG()->getICFGNode(succInst);
         successors.push_back(std::make_pair(icfgNode, 1-i));
     }
-    const BranchStmt *brStmt = addBranchStmt(brinst, cond,successors);
+    addBranchStmt(brinst, cond,successors);
 }
 void SVFIRBuilder::visitSwitchInst(SwitchInst &inst){
@@ -914,7 +912,7 @@ void SVFIRBuilder::visitSwitchInst(SwitchInst &inst){
         const ICFGNode* icfgNode = pag->getICFG()->getICFGNode(succInst);
         successors.push_back(std::make_pair(icfgNode,val));
     }
-    const BranchStmt *brStmt = addBranchStmt(brinst, cond,successors);
+    addBranchStmt(brinst, cond,successors);
 }
 ///   %ap = alloca %struct.va_list
@@ -1012,57 +1010,34 @@ void SVFIRBuilder::handleDirectCall(CallSite cs, const SVFFunction *F)
     }
 }
 /*!
  * Find the base type and the max possible offset of an object pointed to by (V).
  */
-const Type *SVFIRBuilder::getBaseTypeAndFlattenedFields(const Value *V, std::vector<LocationSet> &fields)
+const Type *SVFIRBuilder::getBaseTypeAndFlattenedFields(const Value *V, std::vector<LocationSet> &fields, const Value* szValue)
 {
     assert(V);
-    fields.push_back(LocationSet(0));
-    const Type *T = V->getType();
-    // Use the biggest struct type out of all operands.
-    if (const User *U = SVFUtil::dyn_cast<User>(V))
-    {
-        u32_t msz = 1;      //the max size seen so far
-        // In case of BitCast, try the target type itself
-        if (SVFUtil::isa<BitCastInst>(V))
-        {
-            u32_t sz = getFields(fields, T, msz);
-            if (msz < sz)
-            {
-                msz = sz;
-            }
-        }
-        // Try the types of all operands
-        for (User::const_op_iterator it = U->op_begin(), ie = U->op_end();
-                it != ie; ++it)
-        {
-            const Type *operandtype = it->get()->getType();
-            u32_t sz = getFields(fields, operandtype, msz);
-            if (msz < sz)
-            {
-                msz = sz;
-                T = operandtype;
-            }
-        }
-    }
-    // If V is a CE, the actual pointer type is its operand.
-    else if (const ConstantExpr *E = SVFUtil::dyn_cast<ConstantExpr>(V))
-    {
-        T = E->getOperand(0)->getType();
-        getFields(fields, T, 0);
-    }
-    // Handle Argument case
-    else if (SVFUtil::isa<Argument>(V))
-    {
-        getFields(fields, T, 0);
-    }
+    const Value * value = stripAllCasts(V);
+    assert(value && "null ptr?");
+    if(const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(value))
+        value = gep->getPointerOperand();
+    const Type *T = value->getType();
     while (const PointerType *ptype = SVFUtil::dyn_cast<PointerType>(T))
         T = ptype->getElementType();
+    u32_t numOfElems = SymbolTableInfo::SymbolInfo()->getNumOfFlattenElements(T);
+    /// use user-specified size for this copy operation if the size is a constaint int
+    if(szValue && SVFUtil::isa<ConstantInt>(szValue))
+        numOfElems = SVFUtil::cast<ConstantInt>(szValue)->getSExtValue();
+    LLVMContext& context = LLVMModuleSet::getLLVMModuleSet()->getContext();
+    for(u32_t ei = 0; ei < numOfElems; ei++){
+        LocationSet ls(ei);
+        // make a ConstantInt and create char for the content type due to byte-wise copy
+        const ConstantInt* offset = ConstantInt::get(context, llvm::APInt(32, ei));
+        ls.addOffsetValue(offset, nullptr);
+        fields.push_back(ls);
+    }
     return T;
 }
@@ -1070,7 +1045,7 @@ const Type *SVFIRBuilder::getBaseTypeAndFlattenedFields(const Value *V, std::vec
  * Add the load/store constraints and temp. nodes for the complex constraint
  * *D = *S (where D/S may point to structs).
  */
-void SVFIRBuilder::addComplexConsForExt(Value *D, Value *S, u32_t sz)
+void SVFIRBuilder::addComplexConsForExt(Value *D, Value *S, const Value* szValue)
 {
     assert(D && S);
     NodeID vnD= getValueNode(D), vnS= getValueNode(S);
@@ -1082,18 +1057,16 @@ void SVFIRBuilder::addComplexConsForExt(Value *D, Value *S, u32_t sz)
     //Get the max possible size of the copy, unless it was provided.
     std::vector<LocationSet> srcFields;
     std::vector<LocationSet> dstFields;
-    const Type *stype = getBaseTypeAndFlattenedFields(S, srcFields);
-    const Type *dtype = getBaseTypeAndFlattenedFields(D, dstFields);
+    const Type *stype = getBaseTypeAndFlattenedFields(S, srcFields, szValue);
+    const Type *dtype = getBaseTypeAndFlattenedFields(D, dstFields, szValue);
     if(srcFields.size() > dstFields.size())
         fields = dstFields;
     else
         fields = srcFields;
     /// If sz is 0, we will add edges for all fields.
-    if (sz == 0)
-        sz = fields.size();
+    u32_t sz = fields.size();
-    assert(fields.size() >= sz && "the number of flattened fields is smaller than size");
     if (fields.size() == 1 && (isConstantData(D) || isConstantData(S))) {
         NodeID dummy = pag->addDummyValNode();
         addLoadEdge(vnD,dummy);
@@ -1104,8 +1077,8 @@ void SVFIRBuilder::addComplexConsForExt(Value *D, Value *S, u32_t sz)
     //For each field (i), add (Ti = *S + i) and (*D + i = Ti).
     for (u32_t index = 0; index < sz; index++)
     {
-        NodeID dField = getGepValVar(D,fields[index],dtype,index);
-        NodeID sField = getGepValVar(S,fields[index],stype,index);
+        NodeID dField = getGepValVar(D,fields[index],dtype);
+        NodeID sField = getGepValVar(S,fields[index],stype);
         NodeID dummy = pag->addDummyValNode();
         addLoadEdge(sField,dummy);
         addStoreEdge(dummy,dField);
@@ -1138,7 +1111,7 @@ void SVFIRBuilder::handleExtCall(CallSite cs, const SVFFunction *callee)
             {
                 NodeID vnArg = getValueNode(arg);
                 NodeID dummy = pag->addDummyValNode();
-                NodeID obj = pag->addDummyObjNode();
+                NodeID obj = pag->addDummyObjNode(arg->getType());
                 if (vnArg && dummy && obj)
                 {
                     addAddrEdge(obj, dummy);
@@ -1220,7 +1193,7 @@ void SVFIRBuilder::handleExtCall(CallSite cs, const SVFFunction *callee)
             }
             case ExtAPI::EFT_L_A0__A0R_A1R:
             {
-                addComplexConsForExt(cs.getArgument(0), cs.getArgument(1));
+                addComplexConsForExt(cs.getArgument(0), cs.getArgument(1), cs.getArgument(2));
                 //memcpy returns the dest.
                 if(SVFUtil::isa<PointerType>(inst->getType()))
                 {
@@ -1229,7 +1202,7 @@ void SVFIRBuilder::handleExtCall(CallSite cs, const SVFFunction *callee)
                 break;
             }
             case ExtAPI::EFT_A1R_A0R:
-                addComplexConsForExt(cs.getArgument(1), cs.getArgument(0));
+                addComplexConsForExt(cs.getArgument(1), cs.getArgument(0), cs.getArgument(2));
                 break;
             case ExtAPI::EFT_L_A1__FunPtr:
             {
@@ -1249,7 +1222,7 @@ void SVFIRBuilder::handleExtCall(CallSite cs, const SVFFunction *callee)
             }
             case ExtAPI::EFT_A3R_A1R_NS:
                 //These func. are never used to copy structs, so the size is 1.
-                addComplexConsForExt(cs.getArgument(3), cs.getArgument(1), 1);
+                addComplexConsForExt(cs.getArgument(3), cs.getArgument(1), nullptr);
                 break;
             case ExtAPI::EFT_A1R_A0:
             {
@@ -1352,14 +1325,14 @@ void SVFIRBuilder::handleExtCall(CallSite cs, const SVFFunction *callee)
                 // We get all flattened fields of base
                 vector<LocationSet> fields;
-                const Type *type = getBaseTypeAndFlattenedFields(vArg3, fields);
+                const Type *type = getBaseTypeAndFlattenedFields(vArg3, fields, nullptr);
                 assert(fields.size() >= 4 && "_Rb_tree_node_base should have at least 4 fields.\n");
                 // We summarize the side effects: arg3->parent = arg1, arg3->left = arg1, arg3->right = arg1
                 // Note that arg0 is aligned with "offset".
                 for (int i = offset + 1; i <= offset + 3; ++i)
                 {
-                    NodeID vnD = getGepValVar(vArg3, fields[i], type, i);
+                    NodeID vnD = getGepValVar(vArg3, fields[i], type);
                     NodeID vnS = getValueNode(vArg1);
                     if(vnD && vnS)
                         addStoreEdge(vnS,vnD);
@@ -1376,14 +1349,14 @@ void SVFIRBuilder::handleExtCall(CallSite cs, const SVFFunction *callee)
                 // We get all fields
                 vector<LocationSet> fields;
-                const Type *type = getBaseTypeAndFlattenedFields(vArg,fields);
+                const Type *type = getBaseTypeAndFlattenedFields(vArg,fields,nullptr);
                 assert(fields.size() >= 4 && "_Rb_tree_node_base should have at least 4 fields.\n");
                 // We summarize the side effects: ret = arg->parent, ret = arg->left, ret = arg->right
                 // Note that arg0 is aligned with "offset".
                 for (int i = offset + 1; i <= offset + 3; ++i)
                 {
-                    NodeID vnS = getGepValVar(vArg, fields[i], type, i);
+                    NodeID vnS = getGepValVar(vArg, fields[i], type);
                     if(vnD && vnS)
                         addStoreEdge(vnS,vnD);
                 }
@@ -1567,7 +1540,7 @@ void SVFIRBuilder::sanityCheck()
  * Add a temp field value node according to base value and offset
  * this node is after the initial node method, it is out of scope of symInfo table
  */
-NodeID SVFIRBuilder::getGepValVar(const Value* val, const LocationSet& ls, const Type *baseType, u32_t fieldidx)
+NodeID SVFIRBuilder::getGepValVar(const Value* val, const LocationSet& ls, const Type *baseType)
 {
     NodeID base = pag->getBaseValVar(getValueNode(val));
     NodeID gepval = pag->getGepValVar(curVal, base, ls);
@@ -1583,15 +1556,13 @@ NodeID SVFIRBuilder::getGepValVar(const Value* val, const LocationSet& ls, const
          * 2. GlobalVariable
          */
         assert((SVFUtil::isa<Instruction>(curVal) || SVFUtil::isa<GlobalVariable>(curVal)) && "curVal not an instruction or a globalvariable?");
-        const std::vector<FlattenedFieldInfo> &fieldinfo = SymbolTableInfo::SymbolInfo()->getFlattenedFieldInfoVec(baseType);
-        const Type *type = fieldinfo[fieldidx].getFlattenElemTy();
         // We assume every GepValNode and its GepEdge to the baseNode are unique across the whole program
         // We preserve the current BB information to restore it after creating the gepNode
         const Value* cval = getCurrentValue();
         const BasicBlock* cbb = getCurrentBB();
         setCurrentLocation(curVal, nullptr);
-        NodeID gepNode= pag->addGepValNode(curVal, val,ls, NodeIDAllocator::get()->allocateValueId(),type,fieldidx);
+        NodeID gepNode= pag->addGepValNode(curVal, val,ls, NodeIDAllocator::get()->allocateValueId(),baseType);
         addGepEdge(base, gepNode, ls, true);
         setCurrentLocation(cval, cbb);
         return gepNode;
@@ -1701,30 +1672,6 @@ void SVFIRBuilder::setCurrentBBAndValueForPAGEdge(PAGEdge* edge)
     }
 }
-/*!
- * Replace fields with flatten fields of T if the number of its fields is larger than msz.
- */
-u32_t SVFIRBuilder::getFields(std::vector<LocationSet>& fields, const Type* T, u32_t msz)
-{
-    if (!SVFUtil::isa<PointerType>(T))
-        return 0;
-    T = T->getContainedType(0);
-    const std::vector<FlattenedFieldInfo>& stVec = SymbolTableInfo::SymbolInfo()->getFlattenedFieldInfoVec(T);
-    u32_t sz = stVec.size();
-    if (msz < sz)
-    {
-        /// Replace fields with T's flatten fields.
-        fields.clear();
-        for(std::vector<FlattenedFieldInfo>::const_iterator it = stVec.begin(), eit = stVec.end(); it!=eit; ++it)
-            fields.push_back(LocationSet(*it));
-    }
-    return sz;
-}
 void SVFIRBuilder::updateCallGraph(PTACallGraph* callgraph){
     PTACallGraph::CallEdgeMap::const_iterator iter = callgraph->getIndCallMap().begin();
     PTACallGraph::CallEdgeMap::const_iterator eiter = callgraph->getIndCallMap().end();

package/lib/SVF-FE/SymbolTableBuilder.cpp CHANGED Viewed

@@ -412,15 +412,14 @@ void SymbolTableBuilder::handleGlobalCE(const GlobalVariable *G)
     if (G->hasInitializer())
     {
-        handleGlobalInitializerCE(G->getInitializer(), 0);
+        handleGlobalInitializerCE(G->getInitializer());
     }
 }
 /*!
  * Handle global variable initialization
  */
-void SymbolTableBuilder::handleGlobalInitializerCE(const Constant *C,
-        u32_t offset)
+void SymbolTableBuilder::handleGlobalInitializerCE(const Constant *C)
 {
     if (C->getType()->isSingleValueType())
@@ -438,21 +437,33 @@ void SymbolTableBuilder::handleGlobalInitializerCE(const Constant *C,
     {
         for (u32_t i = 0, e = C->getNumOperands(); i != e; i++)
         {
-            handleGlobalInitializerCE(SVFUtil::cast<Constant>(C->getOperand(i)), offset);
+            handleGlobalInitializerCE(SVFUtil::cast<Constant>(C->getOperand(i)));
         }
     }
     else if (SVFUtil::isa<ConstantStruct>(C))
     {
-        const StructType *sty = SVFUtil::cast<StructType>(C->getType());
-        const std::vector<u32_t>& offsetvect =
-            SymbolTableInfo::SymbolInfo()->getFlattenedFieldIdxVec(sty);
         for (u32_t i = 0, e = C->getNumOperands(); i != e; i++)
         {
-            u32_t off = offsetvect[i];
-            handleGlobalInitializerCE(SVFUtil::cast<Constant>(C->getOperand(i)),
-                                      offset + off);
+            handleGlobalInitializerCE(SVFUtil::cast<Constant>(C->getOperand(i)));
         }
     }
+    else if(const ConstantData* data = SVFUtil::dyn_cast<ConstantData>(C))
+    {
+        if(Options::ModelConsts){
+            if(const ConstantDataSequential* seq = SVFUtil::dyn_cast<ConstantDataSequential>(data)){
+                for(u32_t i = 0; i < seq->getNumElements(); i++){
+                    const Constant* ct = seq->getElementAsConstant(i);
+                    handleGlobalInitializerCE(ct);
+                }
+            }
+            else{
+                handleGlobalInitializerCE(data);
+            }
+        }
+    }
+    else{
+        //TODO:assert(SVFUtil::isa<ConstantVector>(C),"what else do we have");
+    }
 }
 /*
@@ -475,7 +486,7 @@ ObjTypeInfo* SymbolTableBuilder::createObjTypeInfo(const Value *val)
     if (refTy)
     {
         Type *objTy = refTy->getElementType();
-        ObjTypeInfo* typeInfo = new ObjTypeInfo(val, objTy, Options::MaxFieldLimit);
+        ObjTypeInfo* typeInfo = new ObjTypeInfo(objTy, Options::MaxFieldLimit);
         initTypeInfo(typeInfo,val);
         return typeInfo;
     }
@@ -485,7 +496,7 @@ ObjTypeInfo* SymbolTableBuilder::createObjTypeInfo(const Value *val)
         writeWrnMsg(val->getName().str());
         writeWrnMsg("(" + getSourceLoc(val) + ")");
         if(symInfo->isConstantObjSym(val)){
-            ObjTypeInfo* typeInfo = new ObjTypeInfo(val, val->getType(), 0);
+            ObjTypeInfo* typeInfo = new ObjTypeInfo(val->getType(), 0);
             initTypeInfo(typeInfo,val);
             return typeInfo;
         }
@@ -496,15 +507,14 @@ ObjTypeInfo* SymbolTableBuilder::createObjTypeInfo(const Value *val)
     }
 }
 /*!
  * Analyse types of all flattened fields of this object
  */
-void SymbolTableBuilder::analyzeGlobalStackObjType(ObjTypeInfo* typeinfo, const Value* val)
+void SymbolTableBuilder::analyzeObjType(ObjTypeInfo* typeinfo, const Value* val)
 {
     const PointerType * refty = SVFUtil::dyn_cast<PointerType>(val->getType());
-    assert(SVFUtil::isa<PointerType>(refty) && "this value should be a pointer type!");
+    assert(refty && "this value should be a pointer type!");
     Type* elemTy = refty->getElementType();
     bool isPtrObj = false;
     // Find the inter nested array element
@@ -515,9 +525,7 @@ void SymbolTableBuilder::analyzeGlobalStackObjType(ObjTypeInfo* typeinfo, const
             isPtrObj = true;
         if(SVFUtil::isa<GlobalVariable>(val) && SVFUtil::cast<GlobalVariable>(val)->hasInitializer()
                 && SVFUtil::isa<ConstantArray>(SVFUtil::cast<GlobalVariable>(val)->getInitializer()))
-        {
             typeinfo->setFlag(ObjTypeInfo::CONST_ARRAY_OBJ);
-        }
         else
             typeinfo->setFlag(ObjTypeInfo::VAR_ARRAY_OBJ);
     }
@@ -545,6 +553,56 @@ void SymbolTableBuilder::analyzeGlobalStackObjType(ObjTypeInfo* typeinfo, const
         typeinfo->setFlag(ObjTypeInfo::HASPTR_OBJ);
 }
+/*!
+ * Analyse types of heap and static objects
+ */
+void SymbolTableBuilder::analyzeHeapObjType(ObjTypeInfo* typeinfo, const Value* val)
+{
+    if(const Value* castUse = getUniqueUseViaCastInst(val)){
+        typeinfo->setFlag(ObjTypeInfo::HEAP_OBJ);
+        typeinfo->resetTypeForHeapStaticObj(castUse->getType());
+        analyzeObjType(typeinfo,castUse);
+    }
+    else{
+        typeinfo->setFlag(ObjTypeInfo::HEAP_OBJ);
+        typeinfo->setFlag(ObjTypeInfo::HASPTR_OBJ);
+    }
+}
+/*!
+ * Analyse types of heap and static objects
+ */
+void SymbolTableBuilder::analyzeStaticObjType(ObjTypeInfo* typeinfo, const Value* val)
+{
+    if(const Value* castUse = getUniqueUseViaCastInst(val)){
+        typeinfo->setFlag(ObjTypeInfo::STATIC_OBJ);
+        typeinfo->resetTypeForHeapStaticObj(castUse->getType());
+        analyzeObjType(typeinfo,castUse);
+    }
+    else{
+        typeinfo->setFlag(ObjTypeInfo::HEAP_OBJ);
+        typeinfo->setFlag(ObjTypeInfo::HASPTR_OBJ);
+    }
+}
+/*
+ * Get the first dominated cast instruction for heap allocations since they typically come from void* (i8*)
+ * for example, %4 = call align 16 i8* @malloc(i64 10); %5 = bitcast i8* %4 to i32*
+ * return %5 whose type is i32* but not %4 whose type is i8*
+ */
+const Value* SymbolTableBuilder::getUniqueUseViaCastInst(const Value* val){
+    const PointerType * type = SVFUtil::dyn_cast<PointerType>(val->getType());
+    assert(type && "this value should be a pointer type!");
+    /// If type is void* (i8*) and val is only used at a bitcast instruction
+    if (IntegerType *IT = SVFUtil::dyn_cast<IntegerType>(type->getPointerElementType())){
+        if (IT->getBitWidth() == 8 && val->getNumUses()==1){
+            const Use *u = &*val->use_begin();
+            return SVFUtil::dyn_cast<BitCastInst>(u->getUser());
+        }
+    }
+    return nullptr;
+}
 /*!
  * Initialize the type info of an object
  */
@@ -555,13 +613,13 @@ void SymbolTableBuilder::initTypeInfo(ObjTypeInfo* typeinfo, const Value* val){
     if (SVFUtil::isa<Function>(val))
     {
         typeinfo->setFlag(ObjTypeInfo::FUNCTION_OBJ);
-        analyzeGlobalStackObjType(typeinfo,val);
+        analyzeObjType(typeinfo,val);
         objSize = getObjSize(val);
     }
     else if(SVFUtil::isa<AllocaInst>(val))
     {
         typeinfo->setFlag(ObjTypeInfo::STACK_OBJ);
-        analyzeGlobalStackObjType(typeinfo,val);
+        analyzeObjType(typeinfo,val);
         objSize = getObjSize(val);
     }
     else if(SVFUtil::isa<GlobalVariable>(val))
@@ -569,24 +627,24 @@ void SymbolTableBuilder::initTypeInfo(ObjTypeInfo* typeinfo, const Value* val){
         typeinfo->setFlag(ObjTypeInfo::GLOBVAR_OBJ);
         if(SymbolTableInfo::SymbolInfo()->isConstantObjSym(val))
             typeinfo->setFlag(ObjTypeInfo::CONST_GLOBAL_OBJ);
-        analyzeGlobalStackObjType(typeinfo,val);
+        analyzeObjType(typeinfo,val);
         objSize = getObjSize(val);
     }
     else if (SVFUtil::isa<Instruction>(val) && isHeapAllocExtCall(SVFUtil::cast<Instruction>(val)))
     {
-        typeinfo->analyzeHeapObjType(val->getType());
+        analyzeHeapObjType(typeinfo,val);
         // Heap object, label its field as infinite here
         objSize = -1;
     }
     else if (SVFUtil::isa<Instruction>(val) && isStaticExtCall(SVFUtil::cast<Instruction>(val)))
     {
-        typeinfo->analyzeStaticObjType(val->getType());
+        analyzeStaticObjType(typeinfo,val);
         // static object allocated before main, label its field as infinite here
         objSize = -1;
     }
     else if(ArgInProgEntryFunction(val))
     {
-        typeinfo->analyzeStaticObjType(val->getType());
+        analyzeStaticObjType(typeinfo,val);
         // user input data, label its field as infinite here
         objSize = -1;
     }

package/lib/Util/Options.cpp CHANGED Viewed

@@ -636,6 +636,12 @@ namespace SVF
         llvm::cl::desc("Modeling individual constant objects")
     );
+    const llvm::cl::opt<bool> Options::ModelArrays(
+        "model-arrays",
+        llvm::cl::init(false),
+        llvm::cl::desc("Modeling Gep offsets for array accesses")
+    );
     const llvm::cl::opt<bool> Options::SymTabPrint(
             "print-symbol-table", llvm::cl::init(false),
             llvm::cl::desc("Print Symbol Table to command line")

package/lib/Util/TypeBasedHeapCloning.cpp CHANGED Viewed

@@ -259,7 +259,7 @@ const NodeBS TypeBasedHeapCloning::getGepObjClones(NodeID base, unsigned offset)
         setType(newGep, newGepType);
         // We call the object created in the non-TBHC analysis the original object.
-        setOriginalObj(newGep, ppag->getGepObjVar(baseNode->getMemObj(), offset));
+        setOriginalObj(newGep, ppag->getGepObjVar(baseNode->getId(), offset));
         setAllocationSite(newGep, 0);
         geps.set(newGep);

package/lib/WPA/AndersenStat.cpp CHANGED Viewed

@@ -226,7 +226,7 @@ void AndersenStat::statNullPtr()
     {
         NodeID pagNodeId = iter->first;
         PAGNode* pagNode = iter->second;
-        if (pagNode->isTopLevelPtr() == false)
+        if (SVFUtil::isa<ValVar>(pagNode) == false)
             continue;
         SVFStmt::SVFStmtSetTy& inComingStore = pagNode->getIncomingEdges(SVFStmt::Store);
         SVFStmt::SVFStmtSetTy& outGoingLoad = pagNode->getOutgoingEdges(SVFStmt::Load);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.371",
+  "version": "1.0.375",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {